Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/35RKWFaAWG0FZ0_sumSRQjo-ZTk.roa
File:                     35RKWFaAWG0FZ0_sumSRQjo-ZTk.roa (raw, json)
Hash identifier:          ZVFWp4+g/AarEhCpcB89stJLNFioN0GCQ4WE7V4D3XE=
Subject key identifier:   DF:94:4A:58:56:80:58:6D:05:67:4F:EC:BA:64:91:42:3A:3E:65:39
Certificate issuer:       /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial:       019C9E2F58F42EF8A9B12CF91753883C545F
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/35RKWFaAWG0FZ0_sumSRQjo-ZTk.roa
Signing time:             Fri 27 Feb 2026 08:20:28 +0000
ROA not before:           Fri 27 Feb 2026 08:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9121
IP address blocks:        188.125.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:2f:58:f4:2e:f8:a9:b1:2c:f9:17:53:88:3c:54:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
        Validity
            Not Before: Feb 27 08:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df944a585680586d05674fecba6491423a3e6539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:dc:f6:a4:50:f6:31:6d:14:a7:ae:86:2d:c3:
                    8f:aa:01:ce:e0:fd:2b:92:4c:47:db:d3:2f:fc:fa:
                    96:a0:70:26:f6:f1:eb:b8:2e:b0:b1:d4:b9:cf:34:
                    cd:97:eb:29:64:27:66:6f:d0:56:b9:c5:8f:a8:d9:
                    3b:eb:6f:62:f4:d7:2e:54:01:fe:a7:17:c2:25:35:
                    2e:f2:5b:b6:d6:af:e0:97:99:57:ce:dd:97:84:6e:
                    43:2f:ef:ca:4d:f9:8b:5d:ef:77:ad:10:ad:10:60:
                    36:7c:03:01:9b:73:75:34:ea:67:e4:cb:67:f7:72:
                    91:27:22:d8:d8:09:8e:24:8a:4b:88:3e:16:93:3b:
                    6c:c4:5f:15:fb:eb:53:b0:4e:3f:00:f5:5a:40:dd:
                    0d:8d:41:62:71:fd:14:b3:73:5e:da:9e:fd:65:41:
                    49:63:e6:cd:5d:83:35:21:58:2f:55:53:1f:69:78:
                    f1:4a:e5:60:ad:09:0a:e7:2a:38:c7:04:ec:cf:fe:
                    93:12:c4:b4:8f:8c:aa:a9:47:63:eb:7e:83:98:49:
                    cb:da:39:09:30:1d:9b:81:ab:5c:74:5a:e1:0c:9b:
                    2e:1d:20:f6:64:25:10:12:3e:26:23:ae:5e:a8:22:
                    c3:56:97:cc:82:44:e8:5a:a1:55:96:77:62:13:88:
                    c6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:94:4A:58:56:80:58:6D:05:67:4F:EC:BA:64:91:42:3A:3E:65:39
            X509v3 Authority Key Identifier:
                keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/35RKWFaAWG0FZ0_sumSRQjo-ZTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:0c:67:9b:78:b2:ed:70:df:6b:6f:06:9a:3b:49:94:96:fe:
         6b:ff:28:57:dd:d1:76:81:4d:e4:a1:7a:50:f4:e4:95:89:e9:
         ba:4b:7f:f4:e5:89:32:80:56:b7:af:42:d4:31:9d:3f:62:2b:
         d1:6e:df:64:75:9d:04:f1:41:62:b7:c0:f4:c7:bb:95:9b:b2:
         1b:eb:75:b6:dd:cd:32:ea:5e:b9:f4:7e:92:71:21:a9:28:1b:
         e0:2b:43:e0:68:ef:c9:41:40:0f:f3:49:00:21:d7:a5:bd:c0:
         f9:2b:47:67:fc:4c:cb:ca:4b:77:4a:10:df:6b:a6:2a:29:47:
         23:89:0f:ef:00:e3:63:61:dd:db:b5:d6:0e:d8:9c:b5:98:3d:
         b7:2d:7b:9b:b0:61:34:8b:6a:1f:67:32:d1:f4:f9:24:a0:4c:
         aa:29:99:40:75:c8:bb:d3:ef:1d:e2:da:b3:58:0a:f0:89:ea:
         4a:c2:dd:00:5a:62:16:54:cf:c9:be:e8:58:6b:50:94:40:e8:
         ff:cd:0b:5f:1f:8f:6b:0d:34:9d:c3:12:a1:49:25:1b:65:e5:
         d3:8d:4d:51:ab:e8:4f:d5:86:49:ec:ce:64:db:26:68:66:57:
         f8:c4:4a:db:93:e3:d4:57:87:a4:be:eb:1d:c7:82:65:c9:3f:
         eb:10:fe:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyeL1j0LvipsSz5F1OIPFRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjYwMjI3MDgyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjk0NGE1ODU2ODA1ODZkMDU2NzRmZWNiYTY0OTE0MjNhM2U2NTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tz2pFD2MW0Up66GLcOPqgHO4P0r
kkxH29Mv/PqWoHAm9vHruC6wsdS5zzTNl+spZCdmb9BWucWPqNk7629i9NcuVAH+
pxfCJTUu8lu21q/gl5lXzt2XhG5DL+/KTfmLXe93rRCtEGA2fAMBm3N1NOpn5Mtn
93KRJyLY2AmOJIpLiD4WkztsxF8V++tTsE4/APVaQN0NjUFicf0Us3Ne2p79ZUFJ
Y+bNXYM1IVgvVVMfaXjxSuVgrQkK5yo4xwTsz/6TEsS0j4yqqUdj636DmEnL2jkJ
MB2bgatcdFrhDJsuHSD2ZCUQEj4mI65eqCLDVpfMgkToWqFVlndiE4jGhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+USlhWgFhtBWdP7LpkkUI6PmU5MB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvMzVSS1dGYUFXRzBGWjBfc3VtU1JRam8tWlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2gMA0G
CSqGSIb3DQEBCwUAA4IBAQDQDGebeLLtcN9rbwaaO0mUlv5r/yhX3dF2gU3koXpQ
9OSViem6S3/05YkygFa3r0LUMZ0/YivRbt9kdZ0E8UFit8D0x7uVm7Ib63W23c0y
6l659H6ScSGpKBvgK0PgaO/JQUAP80kAIdelvcD5K0dn/EzLykt3ShDfa6YqKUcj
iQ/vAONjYd3btdYO2Jy1mD23LXubsGE0i2ofZzLR9PkkoEyqKZlAdci70+8d4tqz
WArwiepKwt0AWmIWVM/JvuhYa1CUQOj/zQtfH49rDTSdwxKhSSUbZeXTjU1Rq+hP
1YZJ7M5k2yZoZlf4xErbk+PUV4ekvusdx4JlyT/rEP5u
-----END CERTIFICATE-----